Provider (BETA)
The Terraform SecretHub Provider lets you manage your secrets using Terraform.
SecretHub is a developer tool to help you keep database passwords, API tokens, and other secrets out of IT automation scripts.

    provider "secrethub" {
      # pass in credential or set SECRETHUB_CREDENTIAL environment variable
      credential = "${file("~/.secrethub/credential")}"
    }

    resource "secrethub_secret" "db_password" {
      path = "my-org/my-repo/db/password"

      generate {
        length      = 22
        use_symbols = true
      }
    }

    resource "secrethub_secret" "db_username" {
      path  = "my-org/my-repo/db/username"
      value = "db-user"
    }

    resource "aws_db_instance" "default" {
      allocated_storage    = 10
      storage_type         = "gp2"
      engine               = "mysql"
      engine_version       = "5.7"
      instance_class       = "db.t2.micro"
      name                 = "mydb"
      username             = "${secrethub_secret.db_username.value}"
      password             = "${secrethub_secret.db_password.value}"
      parameter_group_name = "default.mysql5.7"
    }

Have a look at the reference docs for more information on the supported resources and data sources.
Check out the step-by-step integration guide to get started.
A detailed use case is described in the beta announcement. There are also some examples in this repo.
This project is currently in beta and we'd love your feedback! Check out the issues and feel free to suggest cool ideas, use cases, or improvements.
Because it's still in beta, you can expect to see some changes introduced. Pull requests are very welcome.
For support, send us a message on the #terraform channel on Discord or send an email to terraform@secrethub.io.
Get the source code:

    git clone https://github.com/secrethub/terraform-provider-secrethub

Build it using:

    make build

To run the acceptance tests, the following environment variables need to be set up.
- SECRETHUB_CREDENTIAL: a SecretHub credential.
- SECRETHUB_TF_ACC_NAMESPACE: a namespace registered on SecretHub. Make sure SECRETHUB_CREDENTIAL has admin access.
- SECRETHUB_TF_ACC_REPOSITORY: a repository within SECRETHUB_TF_ACC_NAMESPACE to be used in the acceptance tests. Make sure SECRETHUB_CREDENTIAL has admin access.
With the environment variables properly set up, run:

    make testacc
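
A pre-flight check for the three variables listed above, as an added example that is not part of the provider's repository; the function names are hypothetical. It reports missing variables by name only, so the credential value never reaches the terminal or a CI log.

```shell
#!/bin/sh
# Added example: pre-flight check for the acceptance-test environment.
# Function names are hypothetical; the variable names are the ones this README lists.

# Print the names of required variables that are unset or empty, space separated.
# Only names are printed, never values, so SECRETHUB_CREDENTIAL cannot leak into logs.
missing_testacc_vars() {
    missing=""
    for name in SECRETHUB_CREDENTIAL SECRETHUB_TF_ACC_NAMESPACE SECRETHUB_TF_ACC_REPOSITORY; do
        # Portable indirect lookup of the variable called $name (no bashisms).
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            missing="${missing:+$missing }$name"
        fi
    done
    # Do not leave a copy of the last value (possibly the credential) lying around.
    unset value
    printf '%s' "$missing"
}

# Return 0 when everything is set; otherwise name what is missing on stderr and return 1.
check_testacc_env() {
    missing=$(missing_testacc_vars)
    if [ -n "$missing" ]; then
        echo "acceptance tests need these variables set: $missing" >&2
        return 1
    fi
    return 0
}

# Usage: check_testacc_env && make testacc
```

The check only confirms the variables are present; whether the credential actually has admin access to the namespace and repository is still verified by the acceptance tests themselves.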